The EU Internal Security Strategy in Action: Five steps towards a more secure Europe

The development of the EU’s Internal Security Strategy (ISS) is an important contribution to the Stockholm Programme’s aim of an open and secure Europe. The Internal Security Strategy in Action provides a basis for concerted action to address common security challenges.

Why is this communication needed?

Until now, there has been no single document explaining what the EU seeks to achieve in the area of internal security.

Considerable progress has been made at EU-level to supplement the work of national law enforcement, customs and border authorities: facilitating cooperation and information exchange such as through the European Arrest Warrant, funding for joint investigation teams targeting cross-border criminality, common strategies for counter terrorism and drug trafficking, using customs controls to assess the security risk of goods entering the EU, common procedures for better protecting critical infrastructure.

However, there has never been any attempt to link together these policies in a coherent and comprehensive strategy. With the entry into force of the Lisbon Treaty and the abolition of the ‘pillars’ which separated border management and customs controls on the one hand, from police and judicial cooperation on the other, there is now a unique opportunity to take a more strategic approach, and to identify and exploit synergies between the various activities.

Building on the Internal Security Strategy adopted by the Council in February 2010, and within the global perspective of the European Security Strategy (see Report on the implementation of the ESS), the Commission in its communication seeks to identify clear strategic goals for the EU’s internal security policies, and to clarify roles and responsibilities as part of a shared agenda. As a result of this communication, the Commission believes that the EU will be able to measure progress against these strategic objectives, determine what further action is needed, and demonstrate to citizens the benefits of the EU’s role.

What can be done at EU level to help dismantling criminal networks?

Criminal networks operate internationally. It is often the same groups involved in diverse criminal activity, whether human trafficking, child exploitation, drugs trafficking, arms trafficking or illegal shipment and dumping of waste. Crime at a more local area, burglaries, car theft and sale of counterfeit dangerous goods are often manifestations of global networks of organised crime.

The EU should strengthen existing practical cooperation between relevant law enforcement and judicial authorities in the Members States and EU institutions and agencies. Obstacles posed by divergent national approaches to criminal law should also be overcome, if necessary through legislation on common definitions of criminal offences and minimum levels of criminal sanctions.

For instance, Joint Investigation Teams (JIT) have proven to be effective and should be conducted more frequently. JITs are set up for a limited period of time on the basis of an agreement between two or more EU Member States and /or third parties in order to fight serious cross-border crime. Europol and Eurojust have been able to support several JITs in the last couple of years within the traditional fields of organised crime activities such as drug trafficking, trafficking in human beings and counterfeiting of the Euro. In an example this year of the effectiveness of JITs, a number of charges were brought against a group who had trafficked over 160 children from a small town in Romania and forced them into street-begging in London.

How can the EU help seize more of the proceeds of crime?

The profits derived from organised crime are substantial. For example, EU sales of illicit drugs generate an estimated €100 billion per year. Organised VAT fraud in the EU also represents a similar amount. This, and associated other frauds, is revenue denied to government and has direct impact on the taxpayer. Through money-laundering criminals disguise the illegal origins of their wealth and protect their asset bases in order to avoid the suspicion of law enforcement agencies and prevent leaving a trail of incriminating evidence.

The EU should consider amending its anti-money laundering legislation (Directive 2005/60/EC) to enable identification of company owners and therefore improve the tracking of criminal assets. In 2011, the Commission will also propose legislation to strengthen the EU legal framework on confiscation (Framework Decision 2001/500/JHA). Member States should also establish fully equipped Asset Recovery Offices, with trained staff and necessary powers.

How can an EU Strategy help preventing terrorism?

The terrorist threat remains real and serious, as the recent discovery of explosives hidden in ink cartridges being exported out of Yemen demonstrated. While Al-Qaida-inspired terrorist groups continue to aim to perpetrate mass casualty attacks, several Member States are also the targets of separatist and political extremist terrorism. The EU should look to address possible gaps in our approach.

The EU should help Member States encourage networks of community activists, law enforcement, academics and others to share and discuss best practice in spotting and addressing radicalisation and recruitment leading to acts of terrorism. A dialogue on increasing protection of land transport should be developed. The Commission will propose an EU approach for freezing the assets of suspected terrorist individuals and groups active inside the EU and for the extraction and analysis of financial messaging data.

What is the size of the threat from cybercrime?

Although there are no precise figures, the incidence of attacks against information systems has increased significantly in recent years. Estonia in 2007 and Lithuania in 2008 were subject to large-scale cyber-attack. The botnet 'Conficker' (also known as Downup, Downadup and Kido) has since November 2008 spread to affect millions of computers worldwide, including, in the EU, France, the UK and Germany. The 'Stuxnet' worm, possibly the first targeted cyber weapon, infected industrial control systems probably through USB-stick propagation. Every individual and business using the internet is potentially vulnerable to cybercrimes such as ID theft and credit card fraud.

To increase Europe's resilience, the Commission will establish an EU cybercrime centre by 2013, improving cooperation between Member States and EU institutions with international partners in the fight against cybercrime. In order to improve our capacity to meet cyber attacks, each Member State and European institution should have Computer Rapid Response Teams (CERTS). The Commission also supports the establishment of a network of contacts among rapid response teams and law enforcement authorities.

How can border management increase EU's security?

Border controls and surveillance have been viewed mainly as a migration management tool. Coordinated and integrated border management are also a potentially powerful means of disrupting serious and organised crime.

The Commission believes that Frontex, the EU's border agency, can make a considerable contribution to internal security by being able to process personal data where relevant for preventing and combating crime, especially the trafficking of persons, at the external border. The Commission will also continue the implementation of the European Border Surveillance System (‘Eurosur’) and work to improve risk assessment in relation to movement of goods across the external border.

How to shape an integrated approach towards disasters?

The risk of natural disasters in the EU vary according to geography and climate: many southern Member States are particularly exposed to earthquakes and forest fires, while northern Member States are more prone to flooding or severe snowfalls. Increased vulnerability to natural disasters is associated with climate change. Other crises precipitated by terrorist or cyber attacks on critical infrastructure, energy shortage, major ICT-breakdowns and industrial accidents, such as the recent leak of toxic sludge, may also have massive cross border and cross sectoral impact.

The EU should aspire to a more coherent approach to threat and risk assessment and risk management. To this end, the Commission is proposing a set of measuresto identify better and minimize the impact of all natural, accidental and malicious threats and hazards. Existing sector-specific risk assessment and situation awareness functions in the EU institutions and agencies, such as those concerning natural disasters, threats of health pandemics, nuclear risk monitoring and terrorism, should be linked up. Response to emergencies, as set out in the Commission’s communication last month, is an integral part of this objective.